Re: Password file with over 3000 users.
Craig Sanders wrote:
> if you have the libnss-db package (part of nsswitch) installed, you have
> everything you need already.

Thanks. This is exactly what I need. I actually found this and got it
running shortly after I posted my original message. Everything is in
Debian - except the documentation!
My setup is pretty much exactly as you recommend.

> PS: this works. i did this several years ago on one server when the number of
> accounts grew to about 5000. there is one small catch - with the cron job
> running every 5 minutes, there is a small window of time when the source files
> in /etc have been updated but the .db versions haven't been regenerated yet.

Just one small addition.
I added this line to the end of our /usr/local/sbin/adduser.local:

    [ -e /var/lib/misc/Makefile ] && cd /var/lib/misc/ && make

And I have a cron job which runs the same command once per hour to
effect deletions and account locking etc.
I will have to look into controlling the cron spam.

We actually use this password file across a couple of servers with a
cron job that copies it across with rsync every 5 minutes. At some stage
I must look at a SQL or LDAP based solution. I originally chose the
rsync because each server can run on its own if one goes down and there
are no performance issues. But libpam-ccreds and nss-updatedb appear to
offer the same functionality when coupled with LDAP.

We already have a PostgreSQL backend for our RADIUS server. Would it be
better to run SQL -> LDAP -> nss or go directly from SQL -> nss?
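
Added example, not part of the original message: one way to wrap the `make` call above so that the adduser.local hook and the cron job cannot rebuild the .db files at the same time, and so that cron only sends mail when a rebuild fails. The function name, the lock directory name and the `MAKE` override are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: quiet, serialized rebuild of the libnss-db files.
# Assumptions (not from the message): the function name, the lock
# directory name, and the MAKE override (handy for "make -s" or testing).

# rebuild_nss_db [DIR]
#   Runs make in DIR (default /var/lib/misc, the path used in the message).
#   Returns 0 on success or when there is no Makefile, 1 when make fails,
#   2 when another rebuild already holds the lock.
#   Prints nothing unless make fails, so cron stays silent on success.
rebuild_nss_db() {
    dir=${1:-/var/lib/misc}
    lock="$dir/.rebuild.lock"            # hypothetical lock name
    [ -e "$dir/Makefile" ] || return 0   # same guard as the adduser.local line

    # mkdir is atomic, so it works as a portable lock between the
    # adduser.local hook and the cron job. A lock left behind by a killed
    # run must be removed by hand (rmdir).
    if ! mkdir "$lock" 2>/dev/null; then
        return 2
    fi

    log=$(mktemp) || { rmdir "$lock"; return 1; }
    if (cd "$dir" && ${MAKE:-make}) >"$log" 2>&1; then
        rc=0
    else
        rc=1
        echo "nss db rebuild failed in $dir:" >&2
        cat "$log" >&2                   # make output is shown only on failure
    fi
    rm -f "$log"
    rmdir "$lock"
    return "$rc"
}

# Usage: source this file from adduser.local and from the cron script,
# then call: rebuild_nss_db
```

A return code of 2 from the adduser.local hook means a rebuild was already in progress, so the new account appears in the .db files at the next run rather than immediately.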